What happens to Your Computer if you Misspell Google.com

That’s for real, people. Don’t try this at home! Leave it to the professionals.

The attack surface of web technologies has dramatically increased over the past couple of years. It is not only about web applications. Today we explore client-side technologies, which also play a big part in the web security game.

This footage, although a little bit dramatized, is not that far from the truth. [...]


DANGER, DANGER, DANGER

The web has gone crazy. I know that this is not news for some of you, but you will be surprised to what extent this craziness has just developed. Among the traditional QuickTime Movie, QTL, Flash, Image, HTML and PDF vulnerabilities, there is now another one, trivially exploitable and with a somewhat high degree of impact.

Back in September 2006 David and I had a small adventure with Adobe’s PDF technology. [...]


XSSing the LAN

Since there is a growing interest in XSS (Cross-site Scripting) attacks, I will try to describe in theory how border routers/gateways can be trivially compromised over the web. For the purpose of this, three prerequisites need to be met: a page that is controlled by the attacker, let's call it evil.com; a router vulnerable to XSS; and a user visiting evil.com.

Once the user visits evil.com, malicious JavaScript code executes to find what machines are alive on the LAN and where the router is located. [...]
